What are highest performance SQLite encryption codecs in Botan?

Question

When using Botan encryption with botansqlite3, what are the optimal configuration settings for performance?

OR

How can I configure Botansqlite3 to use CAST5?

I am currently using AES and it is too slow. My use case is a game.

I am looking for weak or moderate encryption to protect my game's data (not end user data) so security is less of a consideration than performance.

Here is my current BotanSqlite3 codec.h

/*These constants can be used to tweak the codec behavior as follows */

//BLOCK_CIPHER_STR: Cipher and mode used for encrypting the database
//make sure to add "/NoPadding" for modes that use padding schemes
const string BLOCK_CIPHER_STR = "Twofish/XTS";

//PBKDF_STR: Key derivation function used to derive both the encryption
//and IV derivation keys from the given database passphrase
const string PBKDF_STR = "PBKDF2(SHA-160)";

//SALT_STR: Hard coded salt used to derive the key from the passphrase.
const string SALT_STR = "&g#nB'9]";

//SALT_SIZE: Size of the salt in bytes (as given in SALT_STR)
const int SALT_SIZE = 64/8; //64 bit, 8 byte salt

//MAC_STR: CMAC used to derive the IV that is used for db page
//encryption
const string MAC_STR = "CMAC(Twofish)";

//PBKDF_ITERATIONS: Number of hash iterations used in the key derivation
//process.
const int PBKDF_ITERATIONS = 10000;

//KEY_SIZE: Size of the encryption key. Note that XTS splits the key
//between two ciphers, so if you're using XTS, double the intended key
//size. (ie, "AES-128/XTS" should have a 256 bit KEY_SIZE)
const int KEY_SIZE = 512/8; //512 bit, 64 byte key. (256 bit XTS key)

//IV_DERIVATION_KEY_SIZE: Size of the key used with the CMAC (MAC_STR)
//above.
const int IV_DERIVATION_KEY_SIZE = 256/8; //256 bit, 32 byte key

//This is definited in sqlite.h and very unlikely to change
#define SQLITE_MAX_PAGE_SIZE 32768

I believe that I need to find replacements for BLOCK_CIPHER_STR, PBKDF_STR, MAC_STR, KEY_SIZE and IV_DERIVATION_KEY_SIZE to reconfigure BotanSqlite3 to use a different codec.

I found a extensive comparison test of Botan codec performance here: http://panthema.net/2008/0714-cryptography-speedtest-comparison/crypto-speedtest-0.1/results/cpu-sidebyside-comparison-3x2.pdf#page=5

However, the testing was done with Botan directly, not botansqlite3 as I intend to use it. Looking at the charts, a good candidate appears to be CAST5 from a performance perspective.

• The database in question is 300KB, mostly INTEGER fields with some text blobs.

• I am configuring Botan as suggested by OlivierJG of botansqlite3 fame, using the amalgamation

  './configure.py --no-autoload --enable-modules=twofish,xts,pbkdf2,cmac,sha1 --gen-amalgamation --cc=msvc --os=win32 --cpu=x86 --disable-shared --disable-asm'

References:

http://github.com/OlivierJG/botansqlite3 - botansqlite3 is an encryption codec for SQLite3 that can use any algorithms in Botan for encryption

http://www.sqlite.org - sqlite3 is a cross-platform SQL database

http://botan.randombit.net/ - botan is a C++ encryption library with support for a number of codecs

Answer 1

You can get CAST-128 (or as I was calling it, CAST5) to work, it is a block cipher.

The best bet is the above with different configuration of key size.

Twofish is pretty fast.

Thank you to 'Olivier JG' for all the excellent code.